About this blog

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.

Search Deloitte Insights

Related Deloitte Insights

More organizations are moving in the direction of naming a full-time, standalone chief compliance officer who reports directly to the board, according to “In Focus: 2015 Compliance Trends Survey,” a joint effort between Deloitte and Compliance Week. More than half of the 364 senior-level executives surveyed say they now have standalone CCOs, an increase from 50% in 2014 and 37% in 2013. A similar number of executives say the CCO reports to either the CEO or the board, the highest figure recorded for this question in at least three years.

Expectations for audit committees are higher than ever, and setting the appropriate tone at the top has never been more important. Deloitte’s “Audit Committee Resource Guide” includes regulatory requirements, leading practices and questions for audit committees to consider as they execute their responsibilities. It also includes tools and resources provided by Deloitte LLP’s Center for Corporate Governance and other governance organizations. The guide is a reference for both seasoned and new audit committee members as they address areas such as oversight of internal controls, financial reporting, risk, interaction with the internal and independent auditors, and review of earnings press releases.

Many boards strive to be inclusive when seeking new ideas, but by recruiting new members with a bias toward the C-suite, they may miss an opportunity to gain new perspectives. Deborah DeHaas, vice chair, national managing partner, Center for Corporate Governance and chief inclusion officer at Deloitte LLP, and Byron Spruell, vice chair, Central region and Chicago managing principal at Deloitte LLP, discuss benefits boards can gain by recruiting more members with diverse backgrounds, such as a deeper understanding of trends and changes that could influence their organization’s strategic direction.

Deloitte Views & Analysis

Under Mexico’s energy reform program, which ends 75 years of state monopoly in the local electricity and oil and gas sectors, the Mexican government will enter into arrangements with private investors to exploit unexplored, underused, unconventional reserves and increase competition in the electricity sector to lower local prices. Deloitte’s “Oil & Gas Spotlight” provides insight into select aspects of energy reform in Mexico, including potential accounting implications of the reform under Mexico Financial Reporting Standards and U.S. GAAP.

In support of longer-term performance, tackling challenges within five discrete areas should rank high on insurers' strategic agendas: business transformation, longevity risks, information fluency, compliance process transformation and capital management. Converting these challenges into opportunities for growth and performance enhancement, such as emphasizing products and services that are more flexible, customizable and consumer-driven, could determine which companies are most effectively positioned to lead the industry.

Pressure to create value in the life sciences industry is driving M&A, divestitures and restructurings at unprecedented levels. Life sciences companies can leverage deal-making opportunities to increase company valuations and capitalize on synergies that allow their organizations to scale rapidly. Factors impacting life sciences M&A activity include patent expirations, pricing pressures, growth of foreign and emerging markets and rising cross-border activity.

Risk Culture: Three Stages of Continuous Improvement

Few would argue the importance of culture to an organization’s enterprise-wide risk processes and compliance standards. Identifying what factors make an organization’s culture strong from a risk standpoint and how they can be aligned with risk and compliance initiatives can be challenging. Even more challenging is how companies can go about improving their risk culture and measuring progress over time.

For many companies, especially in the financial services sector, the financial crises of 2007 and 2008 marked a turning point in rethinking the role of an organization’s risk culture. Perhaps the most important lesson from that period was that a strong risk culture should permeate all levels of an organization. “As a starting point, it’s important to realize that risk culture should affect everyone, not just the risk function,” noted Donna Epps, a partner with Deloitte Financial Advisory Services LLP, and moderator of a Deloitte webcast on the role of boards and management in developing a risk culture. “To a large degree, an organization’s culture determines how it manages risk when under stress. For some companies, their risk culture can be a liability. For others, it can provide both stability and a competitive advantage,” she added.

Characteristics of a Strong Risk Culture

How well organizations develop a risk culture can vary greatly, but among organizations that excel at it, there are certain common features. “When I’m assessing how strong a company’s risk culture is, I start by understanding how an organization allows and responds to challenge in general—whether it’s a challenge to a policy, an action taken by the organization or other aspect,” said Eddie Barrett, a director in the Deloitte Consulting LLP’s Human Capital practice, who presented during the webcast.Whether senior people are comfortable with being challenged and how they respond to being challenged, especially in a group environment, can reveal important aspects of organizational culture. So do what consequences and outcomes occur for those who raise challenges. “In some cases, people who have challenged others have lost their jobs or have been penalized as a result,” Mr. Barrett added. “That’s clearly not the sort of culture that you want to encourage if you want to build an organization with a strong risk culture.” Positive attributes of a strong culture include:

Commonality of purpose, values and ethics: The extent to which an employee’s individual interests, values and ethics are aligned with the organization’s risk strategy, appetite, tolerance and approach.

Universal adoption and application: Whether risk is considered in all activities, from strategic planning to day-to-day operations, in every part of the organization.

A learning organization: How and if the collective ability of the organization to manage risk more effectively is continuously improving.

Timely, transparent and honest communications: People are comfortable talking openly and honestly about risk, using a common risk vocabulary that promotes shared understanding.

During the webcast, participants were asked a series of polling questions, including, “To what extent does your organization’s risk culture influence how your people behave day to day?” Of more than 1,700 respondents, 32.4% answered “to a great extent,” 41.3% said “somewhat” and 13.6% answered “a little.”

Three Stages of Continuous Improvement of an Organization’s Risk Culture

Improving risk culture is a process that can be separated into three stages, each with its own components: cultural awareness, cultural change and cultural refinement. “An organization’s initial focus should be on building cultural awareness, predominantly through communications and education,” said Mr. Barrett. “Cultural improvement will likely require meaningful changes to established ways of operating,” he added.

Stage 1: Building Cultural AwarenessIn the cultural awareness stage, companies are establishing their risk management expectations for the organization and defining roles and responsibilities around risk. “Companies at this stage are communicating clearly and continuously to their employees what their expectations are,” noted Kevin Blakely, senior advisor to Deloitte’s Governance, Regulatory and Risk Strategies group, who also presented on the webcast. “Such companies are taking the time to educate their employees either through communications or through formal training, so they understand how to meet the organization’s cultural expectations,” added Mr. Blakely, who spent two decades as a senior regulator with the Office of the Comptroller of the Currency. The components of building cultural awareness include:

Delivering communications from leadership using a common risk management vocabulary.

Clarifying risk management responsibilities and accountabilities.

Conducting risk management general education and customized training programs based on employees’ roles.

Embedding risk management into induction or onboarding programs.

Refining recruitment methods to include risk management capabilities.

Stage 2: Changing an Organization’s Culture

At a more advanced level, organizations approach and embrace the cultural change stage, where they foster an environment that both recognizes and rewards people for paying attention to risk, including knowing how to challenge the status quoconstructively. “It’s at this stage where organizations develop motivational systems, both positive and negative, to reward the right kind of behavior or to penalize the wrong kind of behavior,” said Mr. Blakely. “We see a keen focus on talent management trying to get the right people into the right positions to drive the right results.” Another hallmark of this stage is the emphasis on the ethical and compliance standards that are important to the organization. Some important components of changing an organization’s risk culture are:

Position individuals with the desired risk orientation in roles where effective risk management is critical.

Reinforcing behavioral, ethical and compliance standards.

Stage 3: Refining the Organizational Culture

In the third stage, organizations are getting more experienced and mature at their cultural development, trying to monitor cultural performance versus expectations. And those expectations can be set by various stakeholders, including employees, management, the board of directors, investors and analysts. “At this stage, companies are engaging in adjustments of people, strategies and communications in order to produce the cultural outcomes that they desire,” observed Mr. Blakely. “Companies that can demonstrate that they are both learning and have the ability to adjust and move on are fairly far down the path of the cultural road map,” he adds. Steps that are typically taken during this stage include: